Abstract

A novel algorithm is proposed for the interpolation step of the Guruswami-Sudan list decoding algorithm. The proposed method is based on the binary exponentiation algorithm and can be considered an extension of the Lee-O'Sullivan algorithm. The algorithm is shown to achieve both asymptotic and practical performance gains over the iterative interpolation algorithm. Further complexity reduction is achieved by integrating the proposed method with re-encoding. The key contribution of the paper, which enables the complexity reduction, is a novel randomized ideal multiplication algorithm.

1 Introduction 

The Guruswami-Sudan list decoding algorithm [1] is one of the most powerful decoding methods for Reed-Solomon codes. Its complexity is known to be polynomial. However, the degree of the polynomial turns out to be too high. Therefore, computationally efficient algorithms are needed in order to obtain a practical implementation of this method.

The most computationally intensive step of the Guruswami-Sudan algorithm is the construction of a bivariate polynomial passing through a number of points with a given multiplicity. In this paper a novel reduced-complexity interpolation algorithm is presented. It is based on the well-known binary exponentiation method, so we call it the binary interpolation algorithm. The algorithm exploits the relationship between the Gröbner bases of zero-dimensional ideals and appropriate modules. The key component of the proposed method is a novel randomized fast ideal multiplication algorithm (see Figure 3). We also show that the interpolation complexity can be further reduced by integrating the proposed method with the re-encoding approach [21 13].

The paper is organized as follows. Section 3 presents a simple derivation of the Guruswami-Sudan algorithm and all necessary background. Section 4 introduces the novel interpolation algorithm. Numeric performance results are given in Section 5. Finally, some conclusions are drawn.

2 Notation 

• $\langle Q_i(x,y), 0 \le i \le v \rangle = \{\sum_{i=0}^{v} p_i(x,y)Q_i(x,y) \mid p_i(x,y) \in \mathbb{F}[x,y]\}$ is the ideal generated by $Q_i(x,y)$.

• $[Q_i(x,y), 0 \le i \le v] = \{\sum_{i=0}^{v} p_i(x)Q_i(x,y) \mid p_i(x) \in \mathbb{F}[x]\}$ is the module generated by $Q_i(x,y)$.

• $Q^{[j_1,j_2]}(x_i,y_i) = \sum_{j_1' \ge j_1} \sum_{j_2' \ge j_2} \binom{j_1'}{j_1}\binom{j_2'}{j_2} q_{j_1'j_2'} x_i^{j_1'-j_1} y_i^{j_2'-j_2}$ is the Hasse derivative of $Q(x,y)$ at point $(x_i,y_i)$.

• $Q(x_i,y_i) = 0^r$ means that $Q(x,y)$ has a root of multiplicity at least $r$ in $(x_i,y_i)$, i.e. $Q^{[j_1,j_2]}(x_i,y_i) = 0$, $j_1 + j_2 < r$.

• $I_r = \{Q(x,y) \in \mathbb{F}[x,y] \mid Q(x_i,y_i) = 0^r, 1 \le i \le n\}$ is the ideal of polynomials having roots of multiplicity at least $r$ at points $(x_i,y_i)$, $1 \le i \le n$.

• $M_{r,p} = \{Q(x,y) \in I_r \mid \mathrm{wdeg}_{(0,1)} Q(x,y) < p\}$.

• $\mathrm{LT}\,Q(x,y)$ is the leading term of $Q(x,y)$ with respect to some term ordering.

• is the dimension of vector B.

• $\Delta(B) = \sum_{j=0}^{s} t_j$, where $B = (B_0(x,y), \dots, B_s(x,y))$ is a Gröbner basis of some module, and $\mathrm{LT}\,B_j(x,y) = a_j x^{t_j} y^j$.

3 Preliminaries 

This section introduces some background information on the Guruswami-Sudan list decod- 
ing method, associated computational algorithms, and various algebraic concepts used in 
this paper. 

3.1 Term orderings

Multivariate polynomials are extensively used in this paper, so one needs to introduce monomial orderings to deal with them. The $(a,b)$-weighted degree of a monomial $cx^iy^j$ equals $ai + bj$. The $(a,b)$-weighted degree $\mathrm{wdeg}_{(a,b)} Q(x,y)$ of a polynomial $Q(x,y)$ equals the maximum of the $(a,b)$-weighted degrees of its non-zero terms. Weighted degree can be used to define a term ordering. The $(a,b)$-weighted degree lexicographic ordering is defined as $cx^iy^j \prec dx^py^q \iff (ai + bj < ap + bq) \lor (ai + bj = ap + bq) \land (cx^iy^j \prec_{lex} dx^py^q)$. Lexicographic ordering is defined as $cx^iy^j \prec_{lex} dx^py^q \iff (j < q) \lor (j = q) \land (i < p)$. The leading term $\mathrm{LT}\,Q(x,y)$ of a polynomial $Q(x,y) = \sum q_{ij}x^iy^j$ is given by $\arg\max q_{ij}x^iy^j$. Multivariate polynomials can be ordered according to their leading terms.



3.2 Guruswami-Sudan algorithm 

The Guruswami-Sudan algorithm addresses the problem of list decoding of an $(n, k, n-k+1)$ Reed-Solomon code over field $\mathbb{F}$. That is, given a received vector $(y_1, \dots, y_n)$, it finds all message polynomials $f(x)$ such that $\deg f(x) < k$ and $f(x_i) = y_i$ for at least $\tau$ distinct code locators $x_i$. This is accomplished by constructing a polynomial $Q(x,y)$ such that $Q(x_i,y_i) = 0^r$, $\mathrm{wdeg}_{(1,k-1)} Q(x,y) \le l$, $\mathrm{wdeg}_{(0,1)} Q(x,y) < p$, and factoring it. It is possible to show that the parameters of this algorithm must satisfy [1]

$$\frac{p(p-1)}{2} \le \frac{nr(r+1)}{2(k-1)} < \frac{p(p+1)}{2}, \qquad (1)$$

$$l = \left\lfloor \frac{nr(r+1)}{2p} + \frac{(p-1)(k-1)}{2} \right\rfloor, \qquad (2)$$

$$\tau = \left\lfloor \frac{l}{r} \right\rfloor + 1 > \sqrt{n(k-1)}. \qquad (3)$$



3.3 Interpolation 

Construction of a polynomial $Q(x,y)$ turns out to be the most computationally expensive step of the Guruswami-Sudan algorithm. This section presents an overview of two existing algorithms for the interpolation problem. The first one will be used to derive some important properties of the underlying algebraic structures, and the second will be used as a component of the proposed method.

Observe that the set of polynomials $I_r = \{Q(x,y) \in \mathbb{F}[x,y] \mid Q(x_i,y_i) = 0^r, 1 \le i \le n\}$ is an ideal. The smallest non-zero polynomial of this ideal with respect to $(1,k-1)$-weighted degree lexicographic ordering must satisfy the constraints of the Guruswami-Sudan algorithm. Such a polynomial is guaranteed to appear in the Gröbner basis of $I_r$ with respect to this term ordering [5]. However, it turns out to be easier to construct a Gröbner basis of the module¹ $M_{r,p} = \{Q(x,y) \in I_r \mid \mathrm{wdeg}_{(0,1)} Q(x,y) < p\}$.

3.3.1 Iterative interpolation algorithm 

The algorithm shown in Figure 1 constructs $p$ non-zero polynomials $Q_j(x,y)$, $0 \le j \le p-1$, such that $Q_j(x_i,y_i) = 0^r$, $\mathrm{LT}\,Q_j(x,y) = a_j x^{t_j} y^j$, and $t_j$ are the smallest possible integers [H [HI [7]. These polynomials represent a Gröbner basis of the module $M_{r,p} = \{Q(x,y) \in I_r \mid \mathrm{wdeg}_{(0,1)} Q(x,y) < p\}$ [HI E]. In the context of list decoding one has to use $(1,k-1)$-weighted lexicographic ordering. The solution of the interpolation problem is given by the smallest polynomial in the obtained vector $(Q_0(x,y), \dots, Q_{p-1}(x,y))$. It can be seen that the complexity of IIA is given by $O(n^2r^4p)$.

IterativeInterpolation$(n, \{(x_i, y_i), 1 \le i \le n\}, r, p)$

1 for $i \leftarrow 0$ to $p - 1$
2     do $Q_i(x,y) \leftarrow y^i$
3 for $i \leftarrow 1$ to $n$
4     do for $\beta \leftarrow 0$ to $r - 1$
5         do for $\alpha \leftarrow 0$ to $r - \beta - 1$
6             do $\Delta_j \leftarrow Q_j^{[\alpha,\beta]}(x_i, y_i)$, $0 \le j \le p - 1$
7                 $m \leftarrow \arg\min_{j: \Delta_j \ne 0} Q_j(x,y)$
8                 for $j \ne m$
9                     do $Q_j(x,y) \leftarrow Q_j(x,y) - \frac{\Delta_j}{\Delta_m} Q_m(x,y)$
10                $Q_m(x,y) \leftarrow Q_m(x,y)(x - x_i)$
11 return $(Q_0(x,y), \dots, Q_{p-1}(x,y))$

Figure 1: Iterative interpolation algorithm (IIA)

¹ The concept of module is similar to the concept of linear vector space, except that the former one is based on a ring, while the latter is based on a field.

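It will be sometimes convenient to represent a vector of polynomials $A_i(x,y) = \sum_{j=0}^{t} a_{ji}(x) y^j$, $0 \le i \le s$, as $(1, y, \dots, y^t) A(x)$, where

$$A(x) = \begin{pmatrix} a_{00}(x) & a_{01}(x) & \dots & a_{0s}(x) \\ a_{10}(x) & a_{11}(x) & \dots & a_{1s}(x) \\ \vdots & \vdots & & \vdots \\ a_{t0}(x) & a_{t1}(x) & \dots & a_{ts}(x) \end{pmatrix}$$

is a $(t+1) \times (s+1)$ polynomial matrix.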

Lemma 1. Let $Q = (Q_0(x,y), \dots, Q_{p-1}(x,y))$ be a vector of polynomials constructed by IIA for the input $(n, \{(x_i, y_i), 1 \le i \le n\}, r, p)$. Then

$$\deg\det Q(x) = \Delta(Q) = n\frac{r(r+1)}{2},$$

where $Q(x)$ is the corresponding polynomial matrix.

Proof. Observe that at each iteration of IIA the x-degree of exactly one polynomial is increased by one. Hence, the sum of leading term x-degrees of all polynomials after algorithm termination is equal to the number of partial Hasse derivatives forced to be zero. On the other hand, this algorithm can be interpreted as construction of the polynomial matrix



Q(^) = n n 

i=l a+p<r 



(4) 
and $m = m(i,\alpha,\beta)$ is the index of the smallest polynomial selected on line 7 of the
algorithm. Obviously, det 5*^*'"''^^ = 7i,a,/3(a; — Xj) for some non-zero 'Ji^a,f3, and the number 
of terms in (jl]) is again equal to the number of Hasse derivatives forced to be zero. □ 
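
An added example (not code from the paper): a direct Python implementation of the IIA of Figure 1 over the constructed field GF(13), checking the count of Lemma 1 and that the smallest basis polynomial $Q$ satisfies $Q(x, f(x)) = 0$ for a codeword received with two errors. The function names, the field, the points and the message polynomial are assumptions chosen for illustration.

```python
from math import comb

PRIME = 13   # constructed example: arithmetic in the prime field GF(13)
K = 2        # code dimension k; ordering is (1, k-1)-weighted degree lexicographic

def key(m):
    """Sort key of x^i y^j: weighted degree, then y-degree, then x-degree."""
    i, j = m
    return (i + (K - 1) * j, j, i)

def lead(Q):
    """Exponents (t, j) of the leading term of Q = {(i, j): coefficient}."""
    return max(Q, key=key)

def hasse(Q, a, b, x0, y0):
    """Hasse derivative Q^[a,b] evaluated at (x0, y0)."""
    return sum(comb(i, a) * comb(j, b) * c * pow(x0, i - a, PRIME) * pow(y0, j - b, PRIME)
               for (i, j), c in Q.items() if i >= a and j >= b) % PRIME

def axpy(Q, c, R):
    """Q + c*R over GF(PRIME), with zero coefficients dropped."""
    out = dict(Q)
    for m, v in R.items():
        out[m] = (out.get(m, 0) + c * v) % PRIME
    return {m: v for m, v in out.items() if v}

def iia(points, r, p):
    """Figure 1: p polynomials with roots of multiplicity r at every point."""
    Q = [{(0, j): 1} for j in range(p)]                       # lines 1-2: Q_j = y^j
    for x0, y0 in points:                                     # line 3
        for b in range(r):                                    # line 4
            for a in range(r - b):                            # line 5
                d = [hasse(q, a, b, x0, y0) for q in Q]       # line 6
                live = [j for j in range(p) if d[j]]
                if not live:                                  # cannot happen while r <= p
                    continue
                m = min(live, key=lambda j: key(lead(Q[j])))  # line 7
                inv = pow(d[m], PRIME - 2, PRIME)
                for j in live:                                # lines 8-9
                    if j != m:
                        Q[j] = axpy(Q[j], -d[j] * inv, Q[m])
                shifted = {(i + 1, j): c for (i, j), c in Q[m].items()}
                Q[m] = axpy(shifted, -x0, Q[m])               # line 10: Q_m * (x - x0)
    return Q

def delta(basis):
    """Delta(B): sum of the x-degrees of the leading terms."""
    return sum(lead(q)[0] for q in basis)

def substitute(Q, f):
    """Coefficients {degree: c} of Q(x, f(x)); f is a coefficient list, constant first."""
    res = {}
    for (i, j), c in Q.items():
        term = [c]
        for _ in range(j):                                    # term <- term * f(x)
            nxt = [0] * (len(term) + len(f) - 1)
            for s, u in enumerate(term):
                for t, v in enumerate(f):
                    nxt[s + t] = (nxt[s + t] + u * v) % PRIME
            term = nxt
        for s, u in enumerate(term):
            res[i + s] = (res.get(i + s, 0) + u) % PRIME
    return {e: v for e, v in res.items() if v}

# Constructed data: f(x) = 3 + 2x evaluated at x = 1..5 over GF(13) gives
# (5, 7, 9, 11, 0); the last two symbols are corrupted to 1 and 4.
MESSAGE = [3, 2]
POINTS = [(1, 5), (2, 7), (3, 9), (4, 1), (5, 4)]
R, P_YDEG = 2, 6   # n=5, k=2, r=2 satisfy (1) with p=6, so (2) gives l=5 and (3) tau=3

def run():
    """Build the basis and pick its smallest element (the interpolation polynomial)."""
    basis = iia(POINTS, R, P_YDEG)
    best = min(basis, key=lambda q: key(lead(q)))
    return basis, best

if __name__ == "__main__":
    basis, best = run()
    print("Delta(Q) =", delta(basis), "and n r (r+1) / 2 =", len(POINTS) * R * (R + 1) // 2)
    print("leading exponents (t_j, j):", [lead(q) for q in basis])
    print("Q(x, f(x)) =", substitute(best, MESSAGE))
```

The received word agrees with the codeword in only three positions, one error more than unique decoding of this code can correct, yet the message polynomial is still a $y$-root of the smallest basis element.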

Observe that for a fixed term ordering there may exist many different Gröbner bases of a module. However, they share the following common property.

Lemma 2. Let $B = (B_0(x,y), \dots, B_{p-1}(x,y))$ be a Gröbner basis of the module $M_{r,p}$. Then

Proof. Let $Q_j(x,y)$, $0 \le j \le p-1$, be the Gröbner basis of $M_{r,p}$ constructed by IIA for the same term ordering. Then $\mathrm{LT}\,Q_j(x,y) \mid \mathrm{LT}\,B_j(x,y)$ and $\mathrm{LT}\,B_j(x,y) \mid \mathrm{LT}\,Q_j(x,y)$. This means that the leading terms of $B_j(x,y)$ and $Q_j(x,y)$ are the same up to a constant in $\mathbb{F}$, and the statement follows from Lemma 1. □



3.3.2 Transformation of module basis 

It was shown in [TUl [HI [121 [13] that the ideal of interpolation polynomials is generated by

$$\Pi_{r,j}(x,y) = (y - T(x))^j \phi^{r-j}(x), \quad 0 \le j \le r, \qquad (5)$$

where $T(x_i) = y_i$, $1 \le i \le n$, and $\phi(x) = \prod_{i=1}^{n}(x - x_i)$. Hence, the basis of the module $M_{r,p}$ is given by $\mathcal{L} = (\Pi_{r,0}(x,y), \dots, \Pi_{r,r}(x,y), \Pi_{r,r+1}(x,y), \dots, \Pi_{r,p-1}(x,y))$, where

$$\Pi_{r,r+j}(x,y) = y^j \Pi_{r,r}(x,y), \quad 0 < j < p - r. \qquad (6)$$

Lemma 3. The polynomials $(S_0(x,y), \dots, S_{s-1}(x,y))$ represent a Gröbner basis of the module $M = \{\sum_{j=0}^{s-1} S_j(x,y)a_j(x) \mid a_j(x) \in \mathbb{F}[x]\}$ if $\mathrm{ydeg}\,S_i(x,y)$, $0 \le i \le s-1$, are distinct values.

Proof. The lemma follows from the Buchberger S-pair criterion [H]. □

The above described basis $\mathcal{L}$ has to be transformed into a Gröbner one with respect to $(1,k-1)$-weighted degree lexicographic monomial ordering. This can be done with the algorithm given in pT| [12], which can be considered as a simplified instance of the Buchberger algorithm. It is convenient to present it here in a slightly modified form. Namely, this algorithm takes as input some polynomial $P(x,y)$, Gröbner basis $(S_0(x,y), \dots, S_{i-1}(x,y))$ of some module $M \subset \mathbb{F}[x,y]$, and constructs a Gröbner basis of module $M' = \{Q(x,y) + a(x)P(x,y) \mid Q(x,y) \in M, a(x) \in \mathbb{F}[x]\}$. The algorithm is shown in Figure 2.
Reduce$((S_0(x,y), \dots, S_{i-1}(x,y)), P(x,y))$

1 $S_i(x,y) \leftarrow P(x,y)$
2 while $\exists j : (0 \le j < i) \land (\mathrm{ydeg}\,S_j(x,y) = \mathrm{ydeg}\,S_i(x,y))$
3     do if $\mathrm{LT}\,S_i(x,y) \mid \mathrm{LT}\,S_j(x,y)$
4         then $W(x,y) \leftarrow S_j(x,y) - \frac{\mathrm{LT}\,S_j(x,y)}{\mathrm{LT}\,S_i(x,y)} S_i(x,y)$
5             $S_j(x,y) \leftarrow S_i(x,y)$
6             $S_i(x,y) \leftarrow W(x,y)$
7         else $S_i(x,y) \leftarrow S_i(x,y) - \frac{\mathrm{LT}\,S_i(x,y)}{\mathrm{LT}\,S_j(x,y)} S_j(x,y)$
8 if $S_i(x,y) = 0$
9     then $i \leftarrow i - 1$
10 return $(S_0(x,y), \dots, S_i(x,y))$

Figure 2: Multi-dimensional Euclidean algorithm

Lemma 4. Let $S_j(x,y)$, $0 \le j \le i-1$, be the polynomials such that $\mathrm{LT}\,S_j(x,y) = a_j x^{t_j} y^j$, $\mathrm{wdeg}_{(0,1)} S_j(x,y) < i$. Then the Reduce algorithm constructs a Gröbner basis of the module $M = [S_0(x,y), \dots, S_{i-1}(x,y), P(x,y)]$.

Proof. This statement follows from Lemma 3 and invertibility of transformations used by the algorithm. □

The required Gröbner basis is obtained as $\mathcal{S}_{p-1}$, where

$$\mathcal{S}_j = \mathrm{Reduce}(\mathcal{S}_{j-1}, \Pi_{r,j}(x,y)), \quad \mathcal{S}_0 = (\Pi_{r,0}(x,y)). \qquad (7)$$

The complexity of this method is given by 0{n^k^^r^) [12]. Curiously, if $(1,k-1)$-weighted degree lexicographic ordering is used and $r = 1$, $p = 2$, it reduces to the Gao decoding method [151 US], with function Reduce being the standard extended Euclidean algorithm with early termination condition. Therefore, Reduce will be referred to as the multi-dimensional Euclidean algorithm.



4 Binary interpolation algorithm 

This section introduces a novel interpolation algorithm. The main idea of this algorithm is to construct a sequence of ideals and modules of polynomials having roots $(x_i,y_i)$ with increasing multiplicity. The proposed method can be considered as an application of the well-known binary exponentiation algorithm to zero-dimensional ideals.

4.1 Interpolation via ideal multiplication 

The main drawback of the method given by (7) is that one has to manipulate with the polynomials having large common divisors. For example, $\mathcal{S}_1 = \mathrm{Reduce}((\Pi_{r,0}(x,y)), \Pi_{r,1}(x,y)) = \mathrm{Reduce}((\phi^r(x)), \phi^{r-1}(x)(y - T(x))) = \phi^{r-1}(x)\,\mathrm{Reduce}((\phi(x)), y - T(x))$. Furthermore, polynomial exponentiation is used in
The method proposed in this paper avoids both reducing the polynomials with large GCD, and computing large powers of polynomials. This is achieved by first constructing Gröbner bases for small root multiplicities, and using them to obtain bases for larger root multiplicities.

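Lemma 5. Let $I_r = \{Q(x,y) \in \mathbb{F}[x,y] \mid Q(x_i,y_i) = 0^r, 1 \le i \le n\}$. Then $I_{r_1+r_2} = I_{r_1} \cdot I_{r_2}$.

Proof. $I_{r_1+r_2} = \langle (y - T(x))^j \phi^{r_1+r_2-j}(x), 0 \le j \le r_1 + r_2 \rangle = \langle (y - T(x))^{j_1+j_2} \phi^{r_1-j_1+r_2-j_2}(x), j_1 = 0,\dots,r_1, j_2 = 0,\dots,r_2 \rangle = \langle (y - T(x))^{j_1} \phi^{r_1-j_1}(x), j_1 = 0,\dots,r_1 \rangle \cdot \langle (y - T(x))^{j_2} \phi^{r_2-j_2}(x), j_2 = 0,\dots,r_2 \rangle = I_{r_1} \cdot I_{r_2}$. □

This lemma implies that $I_r = \underbrace{I_1 \cdot I_1 \cdots I_1}_{r\ \text{times}} = I_1^r$. One can avoid repeated calculations and reduce the overall number of calls to the Reduce algorithm by using the binary exponentiation method [17]. Namely, one can compute

$$I_r = I_1^r = (\dots((I_1^{r_m})^2 \cdot I_1^{r_{m-1}})^2 \cdots I_1^{r_1})^2 \cdot I_1^{r_0},$$

where $r = \sum_{i=0}^{m} r_i 2^i$, $I^1 = I$, $I^2 = I \cdot I$, $I^0 = \mathbb{F}[x,y]$, and $I \cdot \mathbb{F}[x,y] = I$.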

The key problem addressed in this paper is how to construct efficiently a Gröbner basis of the product of ideals $I' = \langle P_0(x,y), \dots, P_u(x,y) \rangle$ and $I'' = \langle S_0(x,y), \dots, S_v(x,y) \rangle$. The standard way is given by

$$I' \cdot I'' = \langle P_i(x,y)S_j(x,y), 0 \le i \le u, 0 \le j \le v \rangle, \qquad (8)$$

i.e. to compute pairwise products of all basis elements of the ideals being multiplied. This requires $(u+1)(v+1)$ bivariate polynomial multiplications, and the basis of $I' \cdot I''$ obtained in such way is extremely redundant. Furthermore, Buchberger algorithm must be used in order to obtain a Gröbner basis of $I_r$.

To the best of the author's knowledge, the problem of efficient ideal multiplication was not considered in the literature, except in [5], where multiplication of zero-dimensional co-prime ideals was reduced to linear convolution. However, the ideals considered in this paper are not co-prime.

This problem can be again solved by constructing at each step of the binary exponentiation algorithm a basis of the module of polynomials with limited $(0,1)$-weighted degree.

Lemma 6. Consider the polynomials $P_j(x,y) : P_j(x_i,y_i) = 0^s$, $1 \le i \le n$, $0 \le j \le m$, such that $\mathrm{LT}\,P_j(x,y) = a_j x^{t_j} y^j$, $\mathrm{wdeg}_{(0,1)} P_j(x,y) \le m$, $t_m = 0$, and

$\Delta((P_0(x,y), \dots, P_m(x,y))) =$ (9)

Then $I_s = \langle P_j(x,y), 0 \le j \le m \rangle$, and the polynomials $P_j(x,y)$ constitute a Gröbner basis of this ideal.

Proof. Observe that the polynomials $P_j(x,y)$ represent a Gröbner basis of some module by Lemma 2. Obviously, $\langle P_j(x,y), 0 \le j \le m \rangle \subset I_s$. Suppose that the polynomials $P_j(x,y)$ do not constitute a Gröbner basis of $I_s$. That is, there exists $S(x,y) \in I_s : S(x,y) = \sum_j q_j(x,y)P_j(x,y) + R(x,y)$, where the terms of $R(x,y)$ are not divisible by $\mathrm{LT}\,P_j(x,y)$, i.e. $\mathrm{wdeg}_{(0,1)} R(x,y) < m$ and $\mathrm{LT}\,R(x,y) = \beta x^u y^v$, $u < t_v$. Observe that $R(x,y) \in M_{s,m}$.

This means that the polynomials $P_j(x,y)$, $0 \le j \le m-1$, do not represent a Gröbner basis of module $M_{s,m}$. The true Gröbner basis of this module should consist of smaller polynomials, i.e. the sum of x-degrees of their leading terms should be less than $\frac{ns(s+1)}{2}$. But this contradicts Lemma [H Hence, $R(x,y) = 0$ and $P_j(x,y)$ constitute a Gröbner basis of $I_s$. □

Observe that there may exist Gröbner bases of $I_s$ not satisfying the constraints of this lemma.

Let $I_{r_1} = \langle P_j(x,y), 0 \le j \le u \rangle$, $I_{r_2} = \langle S_i(x,y), 0 \le i \le v \rangle$ be the ideals given by their Gröbner bases satisfying the above lemma. One can construct a Gröbner basis of the product $I_{r_1+r_2}$ of these ideals as follows. Let $(m'_j, m''_j)$, $0 \le j \le (u+1)(v+1) - 1$, be a sequence of distinct pairs of integers such that $0 \le m'_j \le u$, $0 \le m''_j \le v$, and $\mathrm{LT}(P_{m'_j}(x,y)S_{m''_j}(x,y)) = a_j x^{t_j} y^j$ for $j \le u + v$. Let

$$B_{u+v} = (P_{m'_j}(x,y)S_{m''_j}(x,y), 0 \le j \le u + v) \qquad (10)$$

be a basis of some submodule of $M_{r_1+r_2,u+v+1}$. By Lemma 3 it is a Gröbner basis of this submodule. It can be seen that $\Delta(B_{u+v}) = \sum_{j=0}^{u+v} t_j \ge n\frac{(r_1+r_2)(r_1+r_2+1)}{2}$. Let

$$B_j = \mathrm{Reduce}(B_{j-1}, P_{m'_j}S_{m''_j}), \quad j > u + v. \qquad (11)$$

The Reduce algorithm attempts to cancel the leading terms of the provided polynomials, so $\Delta(B_{j+1}) \le \Delta(B_j)$. As soon as one obtains $\Delta(B_j) =$ ^ $B_j$ is a Gröbner basis of $I_{r_1+r_2}$.

Lemma 7. $M_{r_1+r_2,u+v+1}$ is generated by $B_{(u+1)(v+1)-1}$.

Proof. Consider $Q(x,y) \in I_{r_1+r_2}$ such that $\mathrm{wdeg}_{(0,1)} Q(x,y) \le u + v$. Any such polynomial can be represented as $Q(x,y) = \sum_{j=0}^{u} P_j(x,y) \sum_{i=0}^{v} q_{ji}(x,y)S_i(x,y)$. Inner sum is an element of $I_{r_2}$. Since the polynomials $S_i(x,y)$, $0 \le i \le v$, are a Gröbner basis of $M_{r_2,v+1}$ and $I_{r_2}$, one can use the multivariate polynomial division algorithm to obtain

$$Q(x,y) = \sum_{j=0}^{u} P_j(x,y) \left( \sum_{i=0}^{v} w_{ji}(x)S_i(x,y) + S_v(x,y) \sum_{i>v} y^{i-v} w_{ji}(x) \right).$$

Similarly, $P(x,y) = \sum_{j=0}^{u} P_j(x,y) \sum_{i>v} y^{i-v} w_{ji}(x)$ is in $I_{r_1}$, and the multivariate division algorithm leads to $P(x,y) = \sum_{j=0}^{u} w_{jv}(x)P_j(x,y) + P_u(x,y) \sum_{j>u} y^{j-u} w_{jv}(x)$. Hence,

$$Q(x,y) = \sum_{j=0}^{u} \sum_{i=0}^{v} P_j(x,y)S_i(x,y)w_{ji}(x) + P_u(x,y)S_v(x,y)\,y\,w(x,y).$$

Last term in this expression is zero, since $Q(x,y)$ does not contain any monomials $ax^py^q$ with $q > u + v$, so $M_{r_1+r_2,u+v+1} = [P_j(x,y)S_i(x,y), 0 \le j \le u, 0 \le i \le v]$. □

The lemma states that for any suitable polynomial $Q(x,y) \in I_{r_1}I_{r_2}$ one can replace the bivariate polynomials $q_{ji}(x,y)$ with univariate ones $w_{ji}(x)$. This implies that the sequence $B_j$ converges eventually to the required module basis. However, the convergence turns out to be quite slow. One may need to compute many bivariate polynomial products $P_{m'_j}S_{m''_j}$ and apply Reduce algorithm to them before the constraint (9) is satisfied. In many cases it appears even that $B_{j+1} = B_j$. That is, a significant fraction of pairs $(m'_j, m''_j)$ is useless.

Therefore we propose to replace pairwise products $P_j(x,y)S_i(x,y)$ in with their random linear combinations

$$Q_s(x,y) = \sum_{j=0}^{u} \sum_{i=0}^{v} X_{sji} P_j(x,y)S_i(x,y), \qquad (12)$$

where $X_{sji}$ are independent random variables uniformly distributed over $\mathbb{F}$. Obviously, such polynomials still generate the ideal product if the linear transformation given by $X_{sji}$ is invertible, i.e. if at least $(u+1)(v+1)$ polynomials $Q_s(x,y)$ are given. However, it turns out that on average one needs just a few such polynomials to obtain a basis of the ideal product. The reason is that $Q_s(x,y)$ depend on all pairwise products $P_j(x,y)S_i(x,y)$, and a Gröbner basis construction algorithm (e.g. Reduce) can take them into account simultaneously. This will be discussed in more detail in Section 4.2.

However, it is impractical to construct the polynomials explicitly as given by (12), since this requires one first to compute all pairwise products $P_j(x,y)S_i(x,y)$. A more efficient way is to construct a sequence of bases

$$B'_{j+1} = \mathrm{Reduce}\left(B'_j, \left(\sum_{i=0}^{u} \alpha_{ij}P_i(x,y)\right)\left(\sum_{i=0}^{v} \beta_{ij}S_i(x,y)\right)\right),$$

where $j \ge u + v$, and $\alpha_{ij}, \beta_{ij}$ are some random values uniformly distributed over $\mathbb{F}$. Furthermore, we propose to construct the initial basis $B'_{u+v} = (Q_0(x,y), \dots, Q_{u+v}(x,y))$ as $Q_i(x,y) = P_{i-j}(x,y)S_j(x,y)$, where for each $i$ $j$ is selected so that $\mathrm{LT}\,Q_i(x,y) = a_i x^{t_i} y^i$, and the values $t_i$, $0 \le i \le u + v$, are minimized. This reduces the number of iterations needed by the Reduce algorithm. The proposed approach is summarized in Figure 3.



Theorem 1. Given Gröbner bases $\mathcal{P} = (P_0(x,y), \dots, P_u(x,y))$ and $\mathcal{S} = (S_0(x,y), \dots, S_v(x,y))$ of ideals $I_{r_1}$ and $I_{r_2}$, the result of $\mathrm{Merge}(\mathcal{P}, \mathcal{S}, n\frac{r(r+1)}{2})$ is a Gröbner basis of $I_r$, where $r = r_1 + r_2$.

Proof. Observe that the sequence $B'_j$ still converges to a basis of $M_{r_1+r_2,u+v+1}$, since it is possible to select $\alpha_{ij}$ and $\beta_{ij}$ so that the linear transformation (12) given by $X_{sij} = \alpha_{is}\beta_{js}$ is invertible, provided that sufficiently many polynomials are constructed. By Lemma 4 the Reduce algorithm always produces a Gröbner basis of some module. By Lemma 6 this basis is a Gröbner basis of $I_r$. □

Merge$((P_0(x,y), \dots, P_u(x,y)), (S_0(x,y), \dots, S_v(x,y)), \Delta_0)$

1 for $i \leftarrow 0$ to $u + v$
2     do $Q_i(x,y) = \min_{0 \le j \le i} P_{i-j}(x,y)S_j(x,y)$
3 $B = (Q_0(x,y), \dots, Q_{u+v}(x,y))$
4 while $\Delta(B) > \Delta_0$
5     do $\alpha_i \leftarrow \mathrm{rand}()$, $0 \le i \le u$
6         $\beta_j \leftarrow \mathrm{rand}()$, $0 \le j \le v$
7         $Q(x,y) \leftarrow \left(\sum_{i=0}^{u} \alpha_i P_i(x,y)\right)\left(\sum_{i=0}^{v} \beta_i S_i(x,y)\right)$
8         $B \leftarrow \mathrm{Reduce}(B, Q(x,y))$
9 return $B$

Figure 3: Construction of a Gröbner basis of $I = JK$ from the Gröbner bases of $J = \langle P_0(x,y), \dots, P_u(x,y) \rangle$ and $K = \langle S_0(x,y), \dots, S_v(x,y) \rangle$.

Remark 1. Merge is not guaranteed to obtain a minimal Gröbner basis of $I_r$. In particular, a few polynomials may have $\mathrm{LT}\,B_j(x,y) = y^j$. Such polynomials are redundant, and should be eliminated, except the smallest one.

The overall interpolation algorithm is shown in Figure 4. $(1,k-1)$-weighted degree lexicographic ordering must be used throughout this algorithm. Observe that in most practical cases the polynomial $T(x)$ can be constructed by using fast inverse discrete Fourier transform. FFT can be also used in the implementation of polynomial multiplication, which is extensively used by this algorithm.

Theorem 2. Interpolate algorithm constructs a Gröbner basis of $I_r$ with respect to a given term ordering.

Proof. The objective of the REPEAT loop is to construct a Gröbner basis of $M_{1,j+1}$, such that it is also a Gröbner basis of $I_1$. Any Gröbner basis of a zero-dimensional ideal must contain a polynomial $Q(x,y) : \mathrm{LT}\,Q(x,y) = y^j$ for some $j$ [2, Th. 6.54], so this loop terminates eventually, and $\mathcal{G}$ is indeed a Gröbner basis of $I_1$.

Let $r' = \sum_{i=j+1}^{m} r_i 2^{i-j-1}$. By induction, the input vectors to Merge at line 14 are two copies of a Gröbner basis of $I_{r'}$. By Theorem 1 its output is a Gröbner basis of $I_{2r'}$. Similar argument applies to line 17. Hence, at the end of each iteration of the FOR loop one obtains a Gröbner basis of $I_{2r'+r_j}$. Observe also, that at the end of each iteration $R = 2r' + r_j$. □

The interpolation polynomial needed by the Guruswami-Sudan algorithm can be found as the smallest element of the basis produced by the Interpolate algorithm.
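Interpolate$(((x_i, y_i), 1 \le i \le n), r)$

1 $\phi(x) \leftarrow \prod_{i=1}^{n}(x - x_i)$
2 $T(x) \leftarrow \sum_{i=1}^{n} y_i \prod_{j \ne i} \frac{x - x_j}{x_i - x_j}$
3 $\mathcal{G} \leftarrow (\phi(x))$
4 $j \leftarrow 0$
5 repeat
6     $\mathcal{G} \leftarrow \mathrm{Reduce}(\mathcal{G}, y^j(y - T(x)))$
7     $j \leftarrow j + 1$
8 until $\mathrm{LT}\,\mathcal{G}_j = y^j$
9 $B \leftarrow \mathcal{G}$
10 Let $r = \sum_{j=0}^{m} r_j 2^j$, $r_j \in \{0,1\}$
11 $R \leftarrow 1$
12 for $j \leftarrow m - 1$ to $0$
13     do $R \leftarrow 2R$
14         $B \leftarrow \mathrm{Merge}(B, B, nR(R+1)/2)$
15         if $r_j = 1$
16             then $R \leftarrow R + 1$
17                 $B \leftarrow \mathrm{Merge}(B, \mathcal{G}, nR(R+1)/2)$
18 return $B$

Figure 4: Construction of a Gröbner basis for $I_r$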
4.2 Complexity analysis



Let us first estimate the convergence speed of the Merge algorithm. Recall that this algorithm constructs a Gröbner basis of $M_{r_1+r_2,u+v+1}$ given Gröbner bases of $M_{r_1,u+1}$ and $M_{r_2,v+1}$ (in fact, $I_{r_1}$ and $I_{r_2}$). For the sake of simplicity we will estimate the probability of $M_{r_1+r_2,u+v+1}$ being generated by $u + v + 1 + \delta$ polynomials given by (12), such that $\mathrm{LT}\,Q_s(x,y) = \gamma_s x^{t_s} y^s$ for $s \le u + v$, and leading terms of summands do not cancel. The difference in the behavior of the actual algorithm Merge with respect to this impractical ideal multiplication method will be discussed below.

The polynomials $Q_0(x,y), \dots, Q_{u+v+\delta}(x,y)$ can be represented as a $(u+v+1) \times (u+v+1+\delta)$ polynomial matrix $Q(x)$. If they indeed generate $M_{r_1+r_2,u+v+1}$, then the $(u+v+1) \times (u+v+1)$ polynomial matrix $B(x)$ corresponding to the Gröbner basis $B_0(x,y), \dots, B_{u+v}(x,y)$ of this module as constructed by IIA satisfies

$$Q(x)A(x) = B(x),$$

where $Q(x)$ is the polynomial matrix corresponding to $Q_i(x,y)$, and $A(x)$ is some transformation matrix. On the other hand, $Q_j(x,y) \in M_{r_1+r_2,u+v+1}$, i.e. $Q(x) = B(x)A(x)$, where the elements of $A(x)$ matrix can be obtained by the multivariate division algorithm. Hence,

$$B(x)A(x)A(x) = B(x). \qquad (13)$$

Since $\mathrm{LT}\,B_j(x,y) = x^{t_j}y^j$, $0 \le j \le u + v$, the polynomials $B_j(x,y)$ are linearly independent over $\mathbb{F}[x]$, and $B(x)$ is invertible over the field of rational functions, so it can be cancelled in (13). Therefore, the problem reduces to estimating the probability of existence of a polynomial matrix $A(x)$ satisfying

$$A(x)A(x) = I. \qquad (14)$$

This is a system of linear equations in terms of $A(x)$. Observe that $A(x)$ is a full-rank matrix over $\mathbb{F}[x]$. Polynomial solution exists if and only if the scalar matrix equations

$$A(x_w)A(x_w) = I \qquad (15)$$

are solvable for any $x_w \in \mathbb{F}^*$, i.e. $A(x_w)$ matrices have rank $u + v + 1$. It is sufficient to consider only such $x_w$ that some fixed $(u+v+1) \times (u+v+1)$ submatrix $A(x)$ of $A(x)$ loses rank for $x = x_w$, i.e. the roots of $\det A(x)$. Such roots are called eigenvalues of polynomial matrix $A(x)$ [18].

Let A{x) be a matrix consisting of first u + v + 1 columns of A(x). This matrix satisfies 

B{x)A{x) = Q{x), 

where the polynomial matrix Q{x) corresponds to Qo{x, y), . . . , Qu+v{x, y). For each eigen- 
value Xw G F* of A(a;) one can identify linearly independent left eigenvectors, i.e. 
vectors 2;'^"''^^ . . . , such that z'^'^'^'^ A{xw) = 0, 1 < / < n^. The geometric mul- 

tiplicity of eigenvalue is upper-bounded by its algebraic multiplicity r^^,, which is 
defined as the multiplicity of root of detA(x). Equation (IT3]) is solvable if for each 
/ ^JJ^Q z]'"''''Ajj(x^) 7^ for at least one i : u + v < i < u + v + 6, i.e. if h.{xu,) 
is a full-rank matrix. The total number of such pairs (x^, z*-'"''-') is upper-bounded by 
N = degdet A(x) = degdet Q{x) — deg det i3(a;). The polynomials Qi{x,y),0 < i < u + v 
represent a Grobner basis of some submodule of Mrj^^r2,u+v+i, and could be obtained from 
those given by B{x) by executing lines 6-10 of IIA for a few additional points (xj, yi) and/or 
pairs {a, (3). Hence, by lemma [H Ai = degdet = A{{QQ{x,y), . . . ,Qu+v{x,y))) and 
Ao = deg det B{x) = n^-Li+I2)i^+Il±ll _ 

Let polynomials Ri{x,y),0 < i < w he a. Grobner basis with respect to (1, — 1)- 
weighted degree lexicographic ordering of Ir and M^^w+i for some R and w. Then 
LT Ri{x,y) = x^^y\0 < i < w, wher^ r, ^ Ir — i{k — 1),0 < i < w — 1 ioi some 
Ir: fw = 0, and X^ilo'^* ~ ^ Hence wIr — {k ~ ~ T^i^iiLtll^ and 

Since the polynomials Pi{x,y) and Sj{x,y) represent Grobner bases of Mrj^^^+i and 
Mr^^v+i, LTPj(x,?/) = x^^yi, LT Sj{x,y) = x^^y^, where pi ^ Iniu) — i{k — 1) and Sj ~ 
Iriiy) ~ jik — 1). Then ti ^ IrA'^) + lr2iy) ~ "i^k ~ 1))0 < i < u + v, tu+v = and 
iV = Ai - Ao = Erir U - n ('-^+-^)(;^+-^+^) ^ (u) + Uv))iu + v)-ik~ _ 

N ^ -{k - 1) \ ({vri - ur2Y + v'^ri + wVa) . (16) 

2 2uv 

Let us assume that the elements of A(x) are univariate polynomials with independent 
coefficients uniformly distributed over F. Then = ^"=0 ^j"'''^Aji(x^) is a random 
variable uniformly distributed over F'', where F* is the smallest algebraic extension of F, 
such that Xiu G F*, and s is the extension degree. Then the probability of A,^/ being 
non-zero for at least one i E {u + v + 1, . . . , u + v + 6} is given by = 1 — ^pp. 

Consider factorization detA(x) = CiYli^ii^)^ where a G F\{0}, and 0i(x) G ¥[x] are 
some monic irreducible polynomials. Each eigenvalue root of at least one of dAx), 

so Xw G F'^',(Tj = deg0j(x), and N = ^jCTj. Let Uj = \{i\(Ji = j}\, I < j < N. Observe 
that 4>i{x) has cij distinct roots in F'^*. Assuming the worst case, where the geometric and 
algebraic multiplicities of eigenvalues are the same, one obtains the following expression 
for the probability of f|T5|) being solvable for all eigenvalues x^: 

N N . .jo;, 

w=n»^r'=n(i-^ • ^"'> 

j=l j=i V 11/ 

² There is no formal proof for this approximation. However, one can argue that the polynomials in a Gröbner basis of $M_{R,w+1}$ should have approximately the same $(1,k-1)$-weighted degree, since the IIA, which can be used to construct them, always increases the degree of the smallest polynomial. Numerical experiments confirm this claim. Alternatively, if the received sequence is not a codeword, a Gröbner basis of zero-dimensional ideal $I_R$ must contain the polynomials with $(1,k-1)$-weighted degree both below and above the value given by (2), and the approximate expression for $l_R$ derived below coincides with that one.
Assuming that det A(x) is a polynomial with independent coefficients uniformly distributed 
over F, one can estimate the probability of obtaining a particular factorization of det A(x) 
as = j^jw Y[f=i i^^^'^^^'^^) [19], where yUj is the number of monic irreducible polynomials 
of degree j. Hence, the probability of f[T^ being solvable is given by 

where summation is performed over all partitions u of A^. 

Exact evaluation of this expression does not seem to be feasible. However, it can be seen that the value of (17) is dominated by the first multiple, and it is known that a random polynomial over a finite field $\mathbb{F}$ has on average one root in it [20]. Hence, the probability of (14) being unsolvable decreases exponentially fast with $\delta$. Thus, for sufficiently large $\mathbb{F}$ one can assume that a Gröbner basis of $I_{r_1+r_2}$ can be derived from $u + v + 1 + \delta$, $\delta = O(1)$ polynomials given by (12).

The above analysis was performed for an impractical version of the proposed randomized ideal multiplication method. It turns out that the polynomial matrix corresponding to the actual polynomials $Q_0(x,y), \dots, Q_{u+v}(x,y)$ generated on line 2 of the Merge algorithm has usually more than one eigenvalue in $\mathbb{F}$ with high algebraic multiplicity. But the geometric multiplicity of the corresponding eigenvectors appears to be much less than the algebraic one (although still greater than 1), so the algorithm still quickly converges.

Let us now estimate the number of iterations of Reduce algorithm called on line 8 of 
Merge. To do this observe that the objective of Reduce is to decrease (1, k — l)-weighted 
degrees of polynomials constructed on lines 2 and 7 of Merge from approximately + ^2 
to approximately lri+r2i to cancel the monomials with too high (l,fc — l)-weighted 
degree. For each polynomial approximately (/r^ + lr2 — iri+r2){u + v) monomials should 
be eliminated. The total number of monomials to be eliminated can be estimated a^ 

^"^=0 ilri+lr2-lri+r2){u + v) = X;r=o' (^n +^r2 " 1) " (^n+ra - 1) ) ) (w + t^) = N{u + v). 

At least one monomial is cancelled during each iteration of Reduce. Taking into account 
(|T6|) . one obtains that the number of iterations in Reduce is given by 0{f{n — \/nk)), where 
f = ri + r2. The algorithm operates with polynomials containing 0{n{2fY) terms, i.e. its 
complexity is given by 0{n{n — \/nk)f^). 

It can be seen from ([1]) that the number of polynomials in the basis of If,r < r is 
0{f^/n/k). The degrees of these polynomials can be estimated as wdegj-Q^^-, y) = 

0{r\Jn/k) and wdegj-^^ Q) Qi{x,y) = 0{nf). Computing a product of two such polynomials 

requires O {nf"^ n / k\og{r n / k) log(nf)) operations. The analysis given above suggests 
that the number of iterations performed by Merge is 0(1). Therefore, the complexity of 
polynomial multiplications needed to construct the Grobner basis of from the basis of 
If is 0{'^f^ \og{f^Jn/k) log(nf)). Hence, one call to Merge at line 11 of the interpolation 
algorithm requires 0{nf'^{a \og{f^Jn/k) \og{nf) + b{n — y/nk))) operations for some positive 
a and b. 

³ Observe that the objective of minimization at line 2 of Merge is to decrease the number of monomials to be cancelled, i.e. decrease the number of iterations in Reduce.

Obviously, the complexity of Interpolate algorithm is dominated by the FOR loop. The number of calls to Merge in this loop is given by

$$M = \lfloor \log_2 r \rfloor + \sum_{i=0}^{m-1} r_i. \qquad (18)$$
The second term in this expression corresponds to line 17 of the algorithm. The complexity 
of the whole algorithm is dominated by the last iteration, so the overall complexity is 
given by O [nr^ (a log(r ^Jn/k) log(nr) + h{n — y/nk)). Observe that this is better than the 
complexity of IIA. 



4.3 Re-encoding 

The proposed binary interpolation algorithm can be integrated with the re-encoding approach [21 El EI]. As it was shown in Section 3.3.2, $M_{r,p} = [(y - T(x))^j \phi^{r-j}(x), y^s(y - T(x))^r, 0 \le j \le r, 1 \le s < p - r]$. Let $\psi(x) = \prod_{i=1}^{k}(x - x_i)$. Dividing $T(x)$ by $\psi(x)$, one obtains

$$T(x) = h(x)\psi(x) + g(x),$$

where $g(x_i) = y_i$, $1 \le i \le k$ and $h(x_i) = \frac{y_i - g(x_i)}{\psi(x_i)}$, $i = k+1, \dots, n$. Substituting $y = g(x) + z\psi(x)$ and dividing⁴ all polynomials in $M_{r,p}$ by $\psi^r(x)$, one obtains the module



Mr,p = i^P{x,z)e¥\x,y] 

i = k + l,...,n, wdeg(o,i) P{x, z) < p] 



which is generated by Iir.,j{x, z) = [z — h{x)y9^ "'(2;), < j < r and Ilr,r+j = z^il)^{x){z — 
h{x)Y, 1 < j < p — r, where 9{x) = ^||y. There is a one-to-one correspondence between 

the polynomials in Mj.,p and Mj.,p, and the smallest polynomial with respect to (1, k — 1)- 
weighted degree lexicographic ordering in Mr,p corresponds to the smallest polynomial 
with respect to (1, — l)-weighted degree lexicographic ordering in Mr, p. If a polynomial 
in Mr,p has leading term ax^y\ then the corresponding polynomial in Mr,p has leading 
term ax'^~^^''~^''z\a G F. This transformation essentially reduces the number of interpo- 
lation points. For high-rate codes this significantly decreases the number of terms in the 
polynomials, reducing thus the overall algorithm complexity. 
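
The re-encoding change of variables described above, as an added example that is not code from the paper. It assumes the prime field GF(31) in place of the paper's GF(2^m) to keep the arithmetic short; all function names are chosen here for illustration.

```python
# Added example: re-encoding over the prime field GF(31) (assumption: the paper
# works over GF(2^m)). Polynomials are coefficient lists, lowest degree first;
# the empty list is the zero polynomial.
from itertools import zip_longest

P = 31

def trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    return trim([(x + y) % P for x, y in zip_longest(a, b, fillvalue=0)])

def mul(a, b):
    c = [0] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            c[i + j] = (c[i + j] + x * y) % P
    return trim(c)

def ev(a, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(a)) % P

def vanishing(xs):
    """Product of (x - x_i) over the given locators."""
    r = [1]
    for x in xs:
        r = mul(r, [-x % P, 1])
    return r

def lagrange(pts):
    """Unique polynomial of degree < len(pts) with T(x_i) = y_i."""
    T = []
    for i, (xi, yi) in enumerate(pts):
        num = vanishing([x for j, (x, _) in enumerate(pts) if j != i])
        T = add(T, mul(num, [yi * pow(ev(num, xi), -1, P) % P]))
    return T

def reencode(pts, k):
    """Return h, g, psi and the n-k reduced points (x_i, h(x_i)), i > k."""
    g = lagrange(pts[:k])                     # g(x_i) = y_i, deg g < k
    psi = vanishing([x for x, _ in pts[:k]])  # psi(x) = prod_{i<=k} (x - x_i)
    reduced = [(x, (y - ev(g, x)) * pow(ev(psi, x), -1, P) % P) for x, y in pts[k:]]
    h = lagrange(reduced)                     # deg h < n-k, so these values fix h
    return h, g, psi, reduced
```

When the first k positions are error-free, g equals the message polynomial and h(x_i) is nonzero only at the error positions.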

The Grobner basis of Mr,p can be again constructed by the Interpolate algorithm 
after minor modifications, as shown in Figure 5. (1, -1)-weighted degree lexicographic
ordering must be used throughout this algorithm. The algorithm first constructs a Grobner 
basis of Ml j+i. The corresponding loop in the original algorithm terminates as soon as a 
polynomial with leading term y^ is discovered. After change of variables and term ordering 
the termination condition transforms to LTGj = x^^'^'^^zK Then the algorithm proceeds 



*This operation prevents one from using the concept of ideal here. 
REENCODEINTERPOLATE(((x_i, y_i), 1 ≤ i ≤ n), r, k)

1 %ij{x) ^ nti(^ - ^i)^ ^(^) = nr=it+i(^ - 

2 T{x) ^ZUyi n'^t~'''\ 

3 Compute h{x) : = h{x)ip{x) + g{x), degg{x) < k 

4 g^{e{x)) 

6 repeat 

7 ^ ^ Reduce(6;, 

8 J ^ J + 1 

9 until LT Gj = x^^-^'^^z^ 

10 B^g 

11 Letr = Er=o^.2^r, e{0,l} 

12 i? 1 

13 for j ^ m — 1 to 

14 do i? ^ 2i? 

15 MERGE(B,B,5(|i3|,|i3|,i?)) 

16 if rj = 1 

17 then R^R + l 

18 MERGE(^,^;,5(|s|,|^;|,i?)) 

19 return B 



Figure 5: Construction of a Grobner basis for M^^p 
Figure 6: Probability distribution of the number of iterations in Merge algorithm. Panels: (31, 15) code over GF(2^5), LT minimization; (31, 15) code over GF(2^5), random selection.



with increasing root multiplicity in the same way as the original algorithm. However, the 
termination threshold Aq of Merge algorithm has to be changed. For root multiplicity R 
after change of variables the basis polynomials should have leading terms x**z*,0 < i < 
M — 1, such that ti = ti + {i — R)k, where x**?/* are the leading terms of the corresponding 
polynomials which would be obtained without re-encoding. Therefore, the termination 
threshold in the modified algorithm should be set to Aq = '^^=q iti + {i — R)k) = Aq — 
Rku + k = Aq — -|- ^ -^j-^ere Aq is the termination threshold 

derived from (9). If the sizes of the bases supplied to Merge are $u_1$ and $u_2$, then
$u = u_1 + u_2 - 1$. Hence, one can compute the termination threshold for Merge as

$$\delta(u_1, u_2, R) = (n - k)\frac{R(R+1)}{2} + k\frac{(u_1 + u_2 - 2 - R)(u_1 + u_2 - 1 - R)}{2}.$$



5 Numeric results 

This section presents simulation results illustrating the performance of the proposed
algorithm. Karatsuba fast univariate polynomial multiplication algorithm [17] was used at
steps 2 and 7 in Merge algorithm.

Figure 6 illustrates the probability distribution of the number of iterations performed by
Merge algorithm while constructing Grobner bases of $I_r$ for different values of $r$. (31, 15)
code over $GF(2^5)$ and (63, 30) code over $GF(2^6)$ were considered. First and third plots
were obtained with the algorithm presented in Figure 3. The second plot was obtained
by replacing leading term minimization on line 2 of the algorithm with random selection
of $Q_i(x, y)$ from the set $\{P_i(x, y)S_0(x, y), \ldots, P_{i-v}(x, y)S_v(x, y)\}$. It can be seen that in
the latter case the algorithm indeed converges exponentially fast. In the first and third
cases the convergence is still exponential for $r = 2^m$, although a bit slower than in the
case of random polynomial selection. However, for the case of $r = 17$ up to 8 iterations
may be needed with high probability. The reason is that constructing a Grobner basis of
$I_{17} = I_{16} \cdot I_1$ requires processing two different collections of polynomials $P_i(x, y), 0 \le i \le u$
and $S_j(x, y), 0 \le j \le v$ with $v \ll u$. There is high probability that the smallest polynomial
Sj^ (x, y) is used almost for all $i$ on line 2 of the Merge algorithm. This results in high
algebraic and geometric multiplicity of A(x) eigenvalues, i.e. the most probable partitions
$\omega$ in (17) are those with large $\omega_1$. This effect is compensated by reduction of the total
number of iterations in Reduce algorithm. Observe also that for $r = 2^m$ the algorithm
converges faster for the case of $|F| = 64$ compared to $|F| = 32$, as predicted by (17).

Figure 7: Performance comparison of interpolation algorithms. Panels: (31, 15, 17) RS code over GF(2^5); (255, 219, 37) RS code over GF(2^8).

Figure 7 presents average list decoding time obtained with IIA, Lee-O'Sullivan algorithm,
proposed binary interpolation algorithm, re-encoding method based on IIA, and
binary interpolation algorithm with re-encoding. (31, 15, 17) and (255, 219, 37)
Reed-Solomon codes were considered. It can be seen that the proposed algorithm provides
up to 12 times lower complexity than IIA for the case of (31, 15, 17) code, and up to 15
times lower complexity for the case of (255, 219, 37) code. Observe that the complexity
of the proposed method increases slower than for the case of IIA, confirming thus the
conclusion of Section 4.2. The complexity of the Lee-O'Sullivan algorithm turns out to
be essentially the same as the one of IIA with re-encoding for rate-1/2 code, and exceeds
it considerably for high-rate code. Observe also that in some cases increasing the root
multiplicity reduces the complexity of the proposed interpolation method. This represents
the impact of the second term in (18), i.e. line 17 of the proposed algorithm.

Observe also that the proposed algorithm outperforms the re-encoding method in the
case of low-rate code. For the high-rate code the re-encoding method turns out to be
better. However, employing re-encoding jointly with the proposed method further reduces
the complexity. The overall gain with respect to IIA is up to 22 times for the case of
(31, 15, 17) code, and up to 157 times for the case of (255, 219, 37) code.

6 Conclusions 

In this paper a novel algorithm was proposed for the interpolation step of the
Guruswami-Sudan list decoding algorithm. It is based on the binary exponentiation algorithm, and
can be considered as an extension of the Lee-O'Sullivan algorithm. The proposed approach
was shown to achieve significant asymptotical and practical gain compared to the case of
iterative interpolation algorithm. An important advantage of the new method is that its
first step (first iteration of the WHILE loop in Interpolate algorithm) coincides with the
Gao decoding algorithm, which is able to correct up to $(n - k)/2$ errors. Since the most
likely error patterns can be corrected with this algorithm, one should invoke the remaining
computationally expensive part of the proposed method only if the Gao algorithm does
not produce a valid codeword. It is an open problem if it is possible to terminate the
interpolation algorithm as soon as it produces a bivariate polynomial containing all the
solutions of a particular instance of the decoding problem, and avoid construction of $I_r$
basis for the worst-case $r$ given by (1)-(3). Another interesting problem is to generalize
the proposed algorithm to the case of the rational curve fitting problem considered in [22].

For the sake of simplicity, the proposed method was presented for the case of all
interpolation points having the same multiplicity. However, it can be extended to the case
of weighted interpolation, allowing thus efficient implementation of soft-decision decoding.
Furthermore, it can be integrated with the re-encoding method, achieving thus additional
complexity reduction.